It is working but i need your eyes over it to help me do it on another server.
What i did is:
preliminary notes:

A. I used ispconfig manual in order to have SSL configured.
B. The server i used has 1 IP address with numerous virtual hosts on it. That meas that (With accordance to the ispconfig manual) only one Vhost can have the SSL certificate.

I ended with the following:
When ever i do https://example.com, i get an answer feom the server and everything looks o.k. - But: when ever i do https://hostname.com i am redirected by the server to example.com or ,if you like, to /var/www/example.com/web.
As far as i can see with this server configuration only one Vhost can have SSL access because there is only 1 SSL certificate to it IP address.
That is fine.

Now i need your help/opinion regarding another server who have 4 ip address and many Vhosts on any IP address. This server is a production server and i do not and can not play with it.

I think that it can be done by adding multiple data to default-ssl it might look like this (but i am not shure about that):

would it be posible to include a patch that we can apply to the code (or a module of some kind) to be able to do this standaard for all users.

an alternative option - but im not sure if that could even work, would be to allow both methods,

sinse we already have 1ip we might want to enable default ssl for the ISPConfig pannel so that we're sure that that's always safe (including older browsers),

> we could enable it on a non default port as webmin or plesk has it.
so you would do server1.mywebhostingcompany.com:12322/ to get to your ssl protected management panel, and we could than still use sni on port 433 (with a warning (or a gracefull degradation), to users who want there websites protected.

Thats what ISPConfig is doing already, you can enable ssl when you run a ispconfig update on your system in the ispconfig installer. You dont need the approach described above for that, as you can rin as many ssl certs as you like with openssl when they use different ports. The above approach is only about using multi ssl certs on the same port and same IP.

sorry if i wasn't being clear enought, what i meen is, 1cert to rule them all (no really, just for the admin interface), and SNI for the rest of it.

i would like to have none-sni supporting browers still at least to be able to use the admin interface, while users who dont care so mutch about backwardcompatiblillity can have ssl based websites also (for say joomla's admin interface or stuf like OScommerce.

this however would require some php code (i think) that could manage SNI, and its certs,

i think that ano 2011 not supporting sni is like building a website in ms word '98 it mostly works but its not what you'd expect.

on a client side i would probly write some jscript or php+jscript warning msg that detects ms win xp, and recomends updating to at least firefox 3.6 or upgrading their os to supporting versions.